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DETAILED ACTION 

1. This is in reply to application filed on November 18/2003. Claims 1-22 are 
pending/ examined. 

Priority 

2. This application is a continuation of application 10655573 which Claims 
Priority from Provisional application 60442464 , filed on 01/23/2003. 
Therefore, the effective filling data for the subject matter defined in the pending 
claims of this application is 01/23/2003. 



Drawings 

3. Referring to figure 2, on page 7, lines 16-17 of the applicant specification the 
following has been recited. "The journaling server 104-2 processes atomic event 
data.and coalesces it into what are called aggregate events 360." However, the 
corresponding drawing figure 2, does not indicate the designated number "360" 
for aggregate events. 

Appropriate correction is required. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published 
under section 122(b), by another filed in the United States before the invention by 
the applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in 
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the United States only if the international application designated the United States 
and was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-22 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Belfiore et al. (hereinafter referred as Belfiore)(U.S. Patent No. 6,990,513 B2) 
(filed on Jun 22, 2001) 

6. As per claims 1 and 16-17 Belfiore discloses a system for journaling activity 
in a data processing system comprising: 

• A sensor for capturing atomic level events; [column 20, lines 57- 
58, figure 5, ref. Num "606" see "atomic events provided by event sources 
602"/ As shown on figure 5, ref Num "606" the atomic events are captured) 
and 

• An aggregator, for accepting multiple atomic level events and 
generating a journal event, [column 21, lines 4-12] (Event composition 608 
aggregates, filters, and transforms lower-level events (atomic events 606) 
which meets the limitation of "multiple atomic level events" into higher- 
level events 612, which meets the limitation of a journal event And, at times, 
maps the events directly into actions, such as world action 614. The actions 
include real-world actions 614 and information-gathering actions 616 that serve to 
gather new events via actively polling or listening. Event composition 608 
provides methods for combining events and data, whether the events are 
observed in close temporal proximity or at widely different times) 

7. As per claims 2-3 Belfiore discloses a system/ method as applied to claims 
above. Furthermore Belfiore discloses the method/system wherein, the journal 
events are associated with a particular executing process/with a particular user, 
[column 34-45] [The event component 155 of the present invention transparently 
facilitates the distributed communication of events between any software component that 
publishes or generates events ("event source") and any software component that 
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subscribes to or receives event notifications ("event sink"). In this description and in the 
claims, an event is an observation about one or more states such as, for example, the 
status of system components, the activity of a user.) 

8. As per claims 4 and 18 Belfiore discloses a system/ method as applied to 
claims above. Furthermore Belfiore discloses the method/system additionally 
comprising: a filter for filtering atomic level events with an approved event list. 

[Column 21, lines 4-19 and column 20, lines 62-column 21, lines 3 and column 22, lines 
63-64] (Event composition 608 aggregates, filters, and transforms lower-level events 
(atomic events 606) into higher-level events 612 and, at times, maps the events directly 
into actions, such as world action 614. and on column lines it has been disclosed that 
Event composition may be driven by rules, filters, and by more advanced pattern 
recognizers spanning a spectrum of sophistication all the way up to rich inferential 
machinery. Thus, event composition adapts the set of available atomic events 606 into 
observations 610 that are appropriately matched to the informational requirements of 
software components/ such requirements meets the limitation of approved event 
list, providing them with information at the right level of abstraction to make good 
decisions.) 

9. As per claims 5-6 and 19 Belfiore discloses a system/ method as applied to 
claims above. Furthermore Belfiore discloses the method/system wherein the 
approved event list includes a list of approved file identifiers/ hash code. [Figure 5, 
refi Num 610/612 and 622, column 21, lines 3-35] (As shown on figure 5, High level 
events shown as 612 which meets the limitation of approved event list is stored in event 
store as shown on figure 5, 622 inferences are performed. Such events should have some 
kinds of identifier when they are stored and hashing a value for the sake of utilizing the 
space requirement is something which is also included in storing the list of approved file 
identifiers /high level events 612) 



Application/Control Number: 10/716,336 Page 5 

Art Unit: 2132 , 

10. As per claims 7 and 20 Belflore discloses a system/ method as applied to 
claims above. Furthermore Belflore discloses the method/system, wherein the 
sensor is located within a client agent and the aggregator is located within a 
server. [Column 21, lines 36-44] 

11. As per claims 8 and 21 Belflore discloses a system/ method as applied to 
claims above. Furthermore Belflore discloses the method/ system additionally 
comprising: a coalescer for coalescing atomic events output by the sensor prior to 
inputting them to the aggregator. [Figure 5, ref. Num "606"] 

12. As per claims 9-10 and 22 Belflore discloses a system/ method as applied to 
claims above. Furthermore Belflore discloses the method/ system wherein a 

bundle of coalesced events is created prior to their transmission between the x agent and 
the server. [Figure 5, ref. Num "608"/event composition meets the limitation of a bundle 
of coalesced events] 

13 . As per claim 1 1 Belflore discloses a system/method as applied to claims 
above. Furthermore Belflore discloses the method/system wherein a journal event 
is detected as a suspect action with a data file, [column 23, lines 64-column 24, lines 
22] 

14. As per claim 12 Belfiore discloses a system/method as applied to claims 
above. Furthermore Belflore discloses the method/system wherein an event is 
attributable to a known user, thread and/or application as identified at a known time, 
[figure 5, see "Time"] 

15. As per claim 13 Belflore discloses a system/method as applied to claims 
above. Furthermore Belflore discloses the method/system wherein the coalescer 
reports an event after a time out period with no activity, [column 24, lines 21-22, "notify 
me if there is no mouse movement and no key is pressed in 5 minutes") 
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16. As per claims 14-15 Belflore discloses a system/ method as applied to 
claims above. Furthermore Belflore discloses the method/system wherein journal 
events are used to control security of the data processing system, [column 21, lines 50- 
53 and column 23, lines 64-column 24, lines 22] 



17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-Form 892). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 
am— 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see http:/ /pair- 
direct, uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 



Conclusion 



free). 



SAMSON LEMMA 
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